VM managed identity integration test (Azure#38457)

Author: christothes

sdk/identity/Azure.Identity/tests/CredentialTestHelpers.cs

@@ -23,6 +23,7 @@ namespace Azure.Identity.Tests
 {
     internal static class CredentialTestHelpers
     {
+        public static string[] DefaultScope = new string[] { "https://management.azure.com//.default" };
         private const string DiscoveryResponseBody =
             "{\"tenant_discovery_endpoint\": \"https://login.microsoftonline.com/c54fac88-3dd3-461f-a7c4-8a368e0340b3/v2.0/.well-known/openid-configuration\",\"api-version\": \"1.1\",\"metadata\":[{\"preferred_network\": \"login.microsoftonline.com\",\"preferred_cache\": \"login.windows.net\",\"aliases\":[\"login.microsoftonline.com\",\"login.windows.net\",\"login.microsoft.com\",\"sts.windows.net\"]},{\"preferred_network\": \"login.partner.microsoftonline.cn\",\"preferred_cache\": \"login.partner.microsoftonline.cn\",\"aliases\":[\"login.partner.microsoftonline.cn\",\"login.chinacloudapi.cn\"]},{\"preferred_network\": \"login.microsoftonline.de\",\"preferred_cache\": \"login.microsoftonline.de\",\"aliases\":[\"login.microsoftonline.de\"]},{\"preferred_network\": \"login.microsoftonline.us\",\"preferred_cache\": \"login.microsoftonline.us\",\"aliases\":[\"login.microsoftonline.us\",\"login.usgovcloudapi.net\"]},{\"preferred_network\": \"login-us.microsoftonline.com\",\"preferred_cache\": \"login-us.microsoftonline.com\",\"aliases\":[\"login-us.microsoftonline.com\"]}]}";
         public static (string Token, DateTimeOffset ExpiresOn, string Json) CreateTokenForAzureCli() => CreateTokenForAzureCli(TimeSpan.FromSeconds(30));

sdk/identity/Azure.Identity/tests/IdentityTestEnvironment.cs

@@ -1,7 +1,6 @@
 // Copyright (c) Microsoft Corporation. All rights reserved.
 // Licensed under the MIT License.
 
-using System;
 using System.IO;
 using Azure.Core.TestFramework;
 using NUnit.Framework;
@@ -39,6 +38,7 @@ public class IdentityTestEnvironment : TestEnvironment
         public string ServicePrincipalCertificatePemPath => GetOptionalVariable("IDENTITY_SP_CERT_PEM") ?? Path.Combine(TestContext.CurrentContext.TestDirectory, "Data", "cert.pem");
         public string ServicePrincipalSniCertificatePath => GetOptionalVariable("IDENTITY_SP_CERT_SNI") ?? Path.Combine(TestContext.CurrentContext.TestDirectory, "Data", "cert.pfx");
         public string IdentityTestWebName =>  GetRecordedVariable("IDENTITY_WEBAPP_NAME");
+        public string VMUserAssignedManagedIdentityClientId =>  GetOptionalVariable("IDENTITY_VM_USER_ASSIGNED_MI_CLIENT_ID");
         public string IdentityTestAzFuncName =>  GetRecordedVariable("IDENTITY_FUNCTION_NAME");
     }
 }

sdk/identity/Azure.Identity/tests/ManagedIdentityVMIntegrationTests.cs

@@ -0,0 +1,29 @@
+// Copyright (c) Microsoft Corporation. All rights reserved.
+// Licensed under the MIT License.
+
+using System;
+using System.Threading.Tasks;
+using Azure.Core.Pipeline;
+using Azure.Core.TestFramework;
+using NUnit.Framework;
+
+namespace Azure.Identity.Tests
+{
+    public class ManagedIdentityVMIntegrationTests : IdentityRecordedTestBase
+    {
+        public ManagedIdentityVMIntegrationTests(bool isAsync) : base(isAsync)
+        { }
+
+        [Test]
+        [LiveOnly]
+        [Category("IdentityVM")]
+        // This test leverages the test app found in Azure.Identity\integration\WebApp
+        // It validates that ManagedIdentityCredential can acquire a token in an actual Azure Web App environment
+        public async Task GetManagedIdentityToken()
+        {
+            var cred = new ManagedIdentityCredential(TestEnvironment.VMUserAssignedManagedIdentityClientId);
+            var token = await cred.GetTokenAsync(new(CredentialTestHelpers.DefaultScope));
+            Assert.NotNull(token.Token);
+        }
+    }
+}

sdk/identity/platform-matrix.json

@@ -1,7 +1,15 @@
 {
+  "displayNames": {
+    "Public,Preview,Canary": ""
+  },
   "include": [
     {
       "Agent": {
+        "msi_image": {
+          "OSVmImage": "ubuntu-22.04",
+          "Pool": "azsdk-pool-mms-ubuntu-2204-identitymsi",
+          "AdditionalTestFilters": "TestCategory=IdentityVM"
+        },
         "ubuntu_keyring_container": {
           "OSVmImage": "ubuntu-20.04",
           "Pool": "Azure Pipelines",
@@ -12,4 +20,4 @@
       "SupportedClouds": "Public,Preview,Canary"
     }
   ]
-}
+}

sdk/identity/tests.yml

@@ -4,6 +4,11 @@ extends:
   template: /eng/pipelines/templates/stages/archetype-sdk-tests.yml
   parameters:
     TimeoutInMinutes: 120
+    AdditionalMatrixConfigs:
+      - Name: identity_msi
+        Path: sdk/identity/platform-matrix.json
+        Selection: sparse
+        GenerateVMJobs: true
     ServiceDirectory: identity
     CloudConfig:
       Public: